A BS in Computer Science or Engineering or comparable experience in a related discipline,along with demonstrated expertise in the following areas:
- Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
- Strong understanding of malware and the modern threat landscape, especially identity-based attacks
- Detail oriented and reliable problem solver mentality
- Excellent oral and written communication skills including concisely communicating status; concisely, clearly, and comprehensively documenting findings
- Robust critical thinking skills and willingness to learn new concepts and technologies
- A desire to learn and grow, as well as a desire to help others do so
- Familiarity and understanding of SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages such as Splunk/Humio/Kibana, etc.)
- Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages
- Experience with some of the following is a distinct advantage:
- Consulting background
- Active Directory subject matter expertise
- Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
- Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc
- Microsoft Azure and/or Office365 platform knowledge and experience
- Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
- Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
- Excellent understanding of Windows internals and where trace evidence can be found
- Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
- Linux and/or macOS forensic analysis and threat hunting skills
- Technical certifications based on domain (e.g., Azure, SharePoint)
- Project Management certifications (e.g., PMP, Scrum)
- Investigation/Cybersecurity/Digital Forensics/DFIR certifications (e.g. CISSP, SANS GIAC, etc)
The successful candidate must have or be able to obtain the Security Check (SC) or Developed Vetting (DV) clearance as issued by the United Kingdom Security Vetting Unit (UKSV). Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.